Transfer of verification data

ABSTRACT

A method and system are provided for transferring verification data from a first carrier to at least a second carrier in a secure manner. A first carrier, which is typically a smart card based ID card, contains verification data to identify the card holder securely. The method of the invention verifies the verification data on the ID smart card, reads the verification data, compresses and encrypts it, and writes it onto a second carrier, which may be a second smart card or a printed document, for example, in a machine readable form. The invention permits verification data to be securely transferred from one carrier to another, which permits a high degree of security in numerous applications such as the issuing of bank cards, medical aid claims, and other valuable documents.

BACKGROUND OF THE INVENTION

This invention relates to a method of and a system for transferringverification data securely.

Smart cards are becoming increasingly popular due to their ability tocarry large amounts of portable data in a secure and compact manner.

Verification and identification issues have become increasinglyimportant in smart card technology, in particular as regards combatingfraud. Most users are still more comfortable with paper-baseddocumentation and the standard verification methods associated with suchdocumentation, to the extent that certain documentation will probablynever be replaced by electronic forms.

Another problem associated with smart card technology is that the holderof the smart card has possession of the card, which means thatinstitutions such as banks only have access to verification data onpresentation of the smart card. In many cases, this will hamper theability of an institution to regularly access secure data.

In many countries, multi-functional smart card technology has now beenaccepted for use with identity documents and cards. It is an object ofthis invention to allow ready integration of such identity cards withother portable data file technologies, as well as with paper-baseddocumentation.

SUMMARY OF THE INVENTION

In broad terms, the invention is directed towards a method oftransferring verification data from a first carrier to at least a secondcarrier in a secure manner so that data on the second carrier isindependently verifiable.

More particularly, a first aspect of the invention provides a method oftransferring verification data from a first carrier to a second carrier,the method comprising the steps of:

-   -   verifying the verification data on the first carrier;    -   reading the verification data;    -   securing the verification data; and    -   writing the verification data to the second carrier in a machine        readable format.

In a preferred form of the invention, the method includes the furthersteps of controlling access to the verification data written to thesecond carrier, reading the verification data, and verifying the readdata.

The first carrier is preferably a portable data storage device such as afirst smart card.

The second carrier may similarly be a portable data storage device inthe form of a second smart card.

Alternatively, the second carrier may comprise a document to which theverification data is applied in a machine readable format, for exampleby printing.

The first carrier may be an identity-based carrier associated with anindividual, and the step of verifying the verification data may comprisethe steps of controlling access to the first carrier by verifying theidentity and/or credentials of an operator designated to implement atleast the reading step, and verifying the identity of the holder of thefirst carrier.

The operator and holder verification steps may comprise PIN/passwordand/or biometrically-based verification procedures.

The PIN/password and biometrically-based procedures are preferably usedin conjunction with one another in a matching procedure.

The securing step may include the steps of adding additional securitydata to the verification data and compressing and encrypting thecombined security and verification data.

The step of controlling access to the written verification data on thesecond carder is preferably substantially identical to the correspondingaccess control step in respect of the first carrier.

Similarly, the step of verifying the read data on the second carrier maybe substantially identical to the corresponding verification step withrespect to the first carrier.

The method may include the still further steps of reading theverification data from the second carrier and writing the verificationdata to a third carrier in machine readable format.

The second carrier is typically a document to which the verificationdata is applied in machine readable format, and the third carrier istypically a portable data storage device such as a smart card.

Alternatively, the second carrier may a portable data storage device andthe third carrier may be a document to which the verification data isapplied in machine readable format.

The invention can thus provide for the secure transfer of verificationdata from a first carrier to an n^(th) carrier via n−2 carriers, whereineach intermediate data transfer step is secured.

The invention extends to a system for transferring verification datafrom a first carrier to at least a second carrier in a secure manner,the system including means for verifying the verification data on thefirst carrier, means for reading the verification data, means forsecuring the verification data, and means for writing the verificationdata to a second carrier in a machine readable format.

Preferably, the system further includes means for controlling access tothe verification data on the second carrier, means for reading theverification data on the second carrier, and means for verifying readverification data on the second carrier.

The securing means typically includes encrypting and decrypting means aswell as compressing and decompressing means for compressing, encrypting,decrypting and decompressing the verification data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a schematic flowchart of a first embodiment of a method oftransferring verification data from a first smart card to a second smartcard;

FIG. 2 shows a schematic flowchart of a second embodiment of a method oftransferring verification data from a first smart card to a document;

FIG. 3 shows a schematic flowchart of a third embodiment of a method oftransferring verification data in which the data is transferred from afirst smart card to a second smart card via a secured document; and

FIG. 4 is a conventional flowchart summarising major steps of themethod.

DESCRIPTION OF EMBODIMENTS

The invention will now be described by way of three embodiments whichillustrate various possible applications thereof. The first embodimentapplies to the issuing of a second smart card, typically by a bank orother financial institution, to the holder of a first smart card, whichis typically an identity card.

Referring first to FIG. 1, a first series of operator access control,cardholder identification and smart card reading steps are illustratedschematically in block 10. A first smart card in the form of a nationalidentity card 12 is presented to an operator of an institution such as abank. In the first access control step, verification of the operator isrequired. This may be achieved in a number of ways, either verifying thePIN code or password 14 of the operator or by matching the fingerprint16 of the operator using finger biometrics. Naturally, the PIN code isnot as secure as the fingerprint matching method as it does not ensurethe identity of the operator. As is well known, a third party can obtaina PIN code in various ways, so that biometrics are preferred.

Three alternative methods have been developed to verify the fingerbiometrics of the operator. In the first method, known as the“password-controlled one-to-one match” method, the operator enters thepassword 14 into a computer and then places his or her finger on thefingerprint scanner. The password serves as a search key to the databaserecord which holds the finger biometrics of the operator and thebiometric data derived from the live finger scan is compared to the dataretrieved from the database record.

In the second method, known as the “card-to-live scan finger-matching”method, the operator is provided with an access card. This card iseither in the form of a smart card or a card with a two dimensional barcode having fingerprint biometrics incorporated in the machine readabledata of the card. To obtain access, the finger biometric data obtainedfrom the card is compared with that derived from the live finger scan.

The third method to identify the finger biometrics involves aone-to-many finger matching method. This method is similar to the mannerin which a number of automatic fingerprint identification systems work.A live finger scan is compared with many fingerprints registered on adatabase. If a match occurs, access is granted. As many database recordshave to be searched, the fingerprint patterns are usually classified soas to cut down on search time. This method is typically only reallypractical with 150 registered operators or fewer. An alternative to thisis using fingerprint scanners which have firmware within the scannerwhich can match a live biometric scan to many biometrics which arestored in memory within the scanner device.

Once the fingerprint 16 and/or password 14 of the operator are matched,the data from the operator database is logged at the computer. Thislogged data is normally added to the data read from the smart card 12for portable accountability purposes. Once positive operatorverification and identification has taken place, the smart card 12 isplaced in the smart card reader 20 connected to a PC 22. Instead of aconventional desk top PC, a laptop/notebook PC, or other portablecomputing device could be used. A secret public key code required toaccess the data of the smart card is used secretly by the program togain access to the user smart card data, as well as to decrypt theverification data, together with other forms of data.

The next step in the verification process is to verify the identity ofthe cardholder. The nature of the identity verification process dependson what verification data is available on the smart card 12. In caseswhere the smart card simply has a holder PIN code or password, theoperator or preferably the cardholder enters the PIN code on thekeyboard of the PC, which PIN code will then be verified. Preferably,the smart card has a digitized facial image and/or digitized signatureimage. In this case, these will be displayed on the monitor of the PC22, and the identity of the cardholder will be visually confirmed by theoperator. If fingerprint biometrics are available in the verificationdata, these can be matched with a live finger scan 28 of the cardholder.In this case verification takes place automatically rather than byvisual matching by the operator, as was the case with the facial image24 and signature image 26.

Only in the event of both operator and cardholder verification will theverification be processed for rewriting to a second smart card 30, as isindicated schematically at 32. Additional data is now added to the dataset which needs to be written to the second smart card 30. This dataincludes the details of the operator and possible additionalverification details derived from other documentation which theinstitution may require. These could be monetary amounts, duration andexpiry dates, guarantee details and so on. Transaction time stamps mayalso be appended to the data.

The data read from the first smart card together with the additionalcaptured data is now compressed by various compression techniques. Inthe case of digital image compression, a lossy compression technology isused. This can either be based on fractal or a wavelet imagecompression. Both of these techniques compress the image by filteringout the less relevant image information which is less critical to thehuman visual identification process. If the data is non-image based, alossless compression is used. In this type of compression which is basedon arithmetic encoding, no data is discarded. Arithmetic encodingprovides the highest compression ratios, but is one of the slowestlossless compression technologies. As the data sets are not particularlylarge this compression technology is the most suitable. Different dataelements may be compressed using different encryptions. After beingcompressed, the data is then re-encrypted, with the private key of theinstitution (in this case the bank) being secretly used by the programto re-encrypt the data.

A private/public key encryption scheme is used. The private key can onlyencrypt, and is never known by any operator. The public key is onlycapable of decrypting the data. The public key can be distributed fordecryption in many locations, with the private/public encryption beingbased on RSA encryption. Both of the private and public keys are usuallyacquired from digital certificates, which supply these keys when theyare prompted with the correct passwords. Below the private/public keylayer are another two layers of encryption. The one layer generatesunique keys from the uniqueness of the data of the data set of eachcard. The other layer merely scrambles the data using a number ofscrambling algorithms.

For additional security, technology has been developed around the HASP“dongle” of Aladdin company. This is a highly secure device which isattached to the parallel, USB or serial port of the PC, and is used tohold the digital certificate which supplies the secret private andpublic keys for the encryption and decryption of data. An additionalalternative is another Aladdin company product known as an “E-Token”which is a device which attaches to a USB port of a PC and which wasdeveloped specifically for the purpose of supplying passwords, keys anddigital certificates for digital signatures and public keyinfrastructure encryption. Additional scrambled codes, together withoperator log data are also stored on the dongle. A further use of theHASP dongle is to protect the executable programs from being viewed ortampered with, copied or being run on any other machine other than theone which they are registered for. This is achieved by the combinationof secret seed codes on the dongle and executable program envelopingsoftware.

Referring back to the card writing step illustrated schematically at 32,the second smart card 30 is now inserted into the smart card reader 20.Before the data can be written to the smart card 20, a further smartcard private key access is secretly passed by the program. Once the datahas been written to the smart card 30, the bank or other institution nowhas verification features originally carried on the first nationalidentity smart card 12 captured on the second smart card 30, as well asany other data which the institution may require to be combined with theacquired verification features. Additional details from otherinstitutions may also be written onto this second card.

The next stage in the transfer procedure is the verification stage ofthe bank's own smart card 30, in which the data which was acquired fromthe first smart card and written to the second smart card is accessedand used. This process is indicated schematically in block 34. The smartcard 30 is placed in a smart card reader 36 which is connected to a PC38. Again the operator needs to comply with the operatorverification/access control procedures described above with reference toblock 10. After positive operator identification and verification, thepublic access code is secretly passed to the smart card 30 so that datacan be read from the smart card. Once acquired, the data is thendecrypted by virtue of the program secretly passing a password to thedigital certificate which issues the private key for the decryption ofthe data. Once it Is decrypted, each data type, either image-based ornon-image based, is decompressed. The decompressed decrypted data isthen displayed on the monitor of the PC, as is shown at 39, so that theoperator can verify the identify of the cardholder 24. In the case offinger biometrics, the cardholder places a finger on the finger scanner,as is indicated at 28, and the derived biometric data is compared in aone-to-one match with that acquired from the smart card, with theverification taking place automatically. The result of the verificationtogether with the details of the operator can be logged foraccountability purposes.

Referring now to FIG. 2, a second embodiment of a verification datatransfer method is shown. The first steps of operator access control,reading of the smart card and verification and identification of thecardholder are identical to those illustrated in FIG. 1, as is shown inblocks 40 and 42 respectively. In block 44, the verification datatogether with any additional data such as that referred to previouslywith reference to FIG. 1 is compressed and encrypted in the same manneras was described with reference to FIG. 1. This data is then encodedinto a two dimensional symbol or barcode 46. The two dimensional barcodehas Reed-Solomon error correction which allows for full recovery in theevent of partial destruction of the symbol. The two dimensional symbolmay either be an image based on two dimensional symbology or a fontbased on such symbology. Commercially available image-based twodimensional symbologies may be used, including PDF417, Supercode, AztecQR code and Datamatrix.

It will be appreciated that such two dimensional symbols are not limitedto conventional printing techniques, and can, for example, be etchedinto metal surfaces, laser engraved or applied to surfaces in a numberof other ways. The use of other multi-dimensional machine readable codeforms such as stacked barcodes or matrix barcodes is also possible.

The applicant has also developed a font-based two dimensional symbologywhich can be sent to a printer in text form based on a particular fontset. A specifically designed True Type font line interprets the textcode. This type of two dimensional symbology may be used for massprinting where image-based symbols require excessive memory and tend toslow down high-speed production processes. This means that verificationdata which is obtained from smart cards may be used at mass printinginstitutions where the data is incorporated in mass high-speed printedtwo dimensional bar codes.

The applicant has also developed two-dimensional symbology which cannotbe copied, and which forms the subject of International patentapplication no. PCT/IB-01/00362. This provides extra protection to theverification data within the two dimensional barcode or symbol 46 onprinted documents as it prevents such symbols from being copied.

The data acquired from the verification smart card is encoded in one ofthe above-mentioned two dimensional symbols 46 which is then printed ona document 48 such as a cheque. If the document is an electronicdocument the acquired data is electronically appended to the document ina PC 50 and then printed via a printer 52. Alternatively, if thedocument is non-electronic, it is placed in the printer 52 so that thesymbol 46 may be printed on it. A label having the symbol printed on itcan also be attached to the document Non-removable labels of the typemanufactured by the 3M Company are preferred. A label is sometimeseasier to print and to attach to the document, especially if one wantsto verify a preexisting document. This would be analogous to having apaper document electronically signed. The verification data acquiredfrom the verification smart card can be combined with additional datawhich is derived from the document itself, such as amounts or datesappearing on the document, which is then included in the data containedin the two dimensional symbol on the document.

Referring now to block 54, a verification process takes place in whichthe verification details of the operator are scanned in using ahand-held scanner 56, are decoded at a PC 58 and are verified, usingpassword and fingerprint biometrics identification means 14 and 16respectively, as was described previously with reference to block 34 ofFIG. 1.

The scanner 56 may be either a laser or a linear CCD two-dimensionalscanner, an image-based two-dimensional scanner, or a flat bed scanner.If the symbol is of a non-reproducible type, a specific scanner which iscapable of reading this form of symbol needs to be used, with thescanner being capable of separating the symbol from the protective layerduring the scanning process.

The data may be decoded by the scanning device 56 and sent to the PC 58(or other computing device) via the serial port Alternatively, the imageof the symbol is “frame grabbed” or scanned by a flat bed scanner anddecoded by the host PC 58. The decoded data is decrypted using a publickey which is secretly passed by the system, and the data is thendecompressed, as is indicated in block 60. The decoded and decompresseddata is displayed on the monitor of the host PC 58 for operatorverification or automatic verification by finger biometrics by matchinga live finger scan from the cardholder against the decrypted finger scan62 obtained from the data acquired from the two dimensional symbol 46.

Verification data can be stored for later verification and analysis, andthe computer 58 can also automatically verify various forms ofverification data, such as the ID number of the cardholder. Automatedverification can take place by scanning the documents in a batch processusing flat bed scanners equipped with a document feeder.

Referring now to FIG. 3, a third embodiment of a verification datatransfer method is shown. The initial access control and card read stepindicated at block 64 and the cardholder verification and identificationstep shown in block 66 is essentially identical to the correspondinginitial steps of FIGS. 1 and 2. Similarly, the two dimensional symbolencoding and printing step indicated in block 68 is identical to thecorresponding step shown in block 44 in FIG. 2. Block 70 shows thesubsequent steps in which the two dimensional symbol 46 is scanned andwritten to a third smart card 72. In this step, the two dimensionalsymbol 46 on the document 48 is scanned using the scanner 56, as isdescribed above with reference to block 54 of FIG. 2. The scanned datais subsequently written to the third smart card 72 via a cardreader/writer 74 using exactly the same procedure that was describedwith reference to block 32 of FIG. 1. The third smart card issubsequently read, the data is processed and the verification andidentification of the cardholder takes place in exactly the same manneras was described with reference to blocks 34 and 38 of FIG. 1.

The flowchart of FIG. 4 summarises the major steps of the basic method.

The invention will now be described with reference to two specific “reallife” applications.

The dramatic increase in vehicle thefts and hijackings has resulted in aworld-wide demand for counter-measures. The invention described in thisapplication can serve as an extremely useful and cost-effective guardagainst vehicle theft This application also demonstrates the effectiveuse of this invention with the proposed new South African smart cardidentity card.

On application for vehicle registration, the applicant's identity cardis presented to the operator. The identity card in this case is a smartcard which contains identity data and verification data. The operatorinserts the identity smart card into the card reader and gains accesscontrol via a finger biometrics verification process. The verificationdata is read from the smart card. The applicant places his/her finger ona finger scanner and his/her biometric data is matched to that acquiredfrom the identity card. It has now been certified that the person isindeed the owner of the card. The personal details which were acquiredfrom the card are now checked against the on-line vehicle ownershipdatabase in order to ensure that the cardholder is the true owner of thevehicle. The operator details, vehicle registration details and theverification details obtained form the card are compressed andencrypted. The data is then encoded into a two dimensional symbol andprinted on a pre-printed licence disk blank. In this case thepre-printed licence disk allows for the creation of a non-reproducibletwo-dimensional symbol. The licence disk now carries all the identitycard details of the applicant in a machine-readable form on the vehiclelicence disk. There can be no collusion between the operator and theapplicant and in effect the license disk is now carrying a highly securecopy of the applicant's identity document with it.

The invention also finds useful application in medical aid systems, i.e.systems or schemes for assisting members to pay for medical treatment(such schemes are known in the USA as traditional indemnity healthinsurance plans). A smart card serves as an extremely useful and securemedical aid card, especially since the person presenting the card can beverified as the true owner of the card. Other uses are the securewriting of diagnoses, prescriptions and doctors' certificates on thesmart card. Medical aid funds and similar institutions do not have anational identity infrastructure which affords them the ability tocreate smart cards with positive identity features on them. It will behighly convenient and cost effective to be able to obtain thisverification data from the national identity smart card.

Another problem with existing medical aid cards is the fact that theverification takes placed at the doctor's consulting rooms or hospitaland not at the medical aid provider itself. The medical aid provider canthus never be certain whether verification did indeed take place. Themedical aid institution can not be sure if the consultation claimed fordid indeed take place.

In this application, the verification data is read from the nationalidentity card to the medical aid smart card (or a medical aid card witha two-dimensional bar code). The medical aid card will now have theverification features of a national identity card. When the medical aidsmart card is presented to a doctor or hospital, the patient can beidentified and verified. The positive verification proof, theverification data from the smart card, the doctor's diagnosis,prescription and certificate details is then compressed and encryptedand printed on a medical aid claim form in the form of a two dimensionalsymbol. This claim becomes a secure claim form which cannot be altered,tampered with or fraudulently created, and can now be posted safely tothe medical aid provider. The installation at the medical aid providerscans and decodes the claim form, analyses and verifies the patientaccording to the verification data, and automatically processes theclaim form.

The invention greatly enhances the scope of smart card technology,especially from a security and verification point of view. It alsoeffectively integrates smart card technology with paper documentation.The invention also results in significant cost savings as theverification features provided by smart card identification caneffectively be used by many institutions without them needing theinfrastructure to create these secure verification features. The expenseof a secure national identity system (this is significant if oneconsiders the costs of a large national “automatic finder identificationsystem”, which is necessary to avoid duplicate applications by a singleperson) is justified when the use of the card can be so dramaticallyenhanced.

The invention has specific use in the area of processing official andbusiness applications and the like. The size of this area is onlyexceeded by its diversity. Practically all applications require proof ofidentity. Currently the ID book of the applicant is requested and aphotocopy is made. This is a highly insecure practice and will not beparticularly effective with the new smart card identity card as most ofthe details are incorporated on the chip of the card. For all types ofapplication the verification details will be encoded into a twodimensional symbol and printed on the relevant application form. Theapplication form is now permanently attached to the applicant withverifiable proof. The details read from the smart card can be usedautomatically to fill in the personal details of the applicant. The datawithin the two dimensional symbol can also be scanned later so that theapplication can be automatically processed.

A few of the main examples in which the invention will prove to beeffective in combating document fraud by providing a suitableverification method include contractual documents, insurance documents,certificates and claims, medical and hospital registration documents,medical aid cards, medical claim forms, doctors' certificates andprescriptions, and banking documents, including personnel informationforms and application forms for accounts, loans and mortgage bonds.Other areas of application include personal information documents andapplications, employment and account application forms andquestionnaires, together with government-based forms such census forms,ballot forms, applications for registration on the voters' roil, andvarious forms of licences, such as TV, trading and weapon licences. Inthe field of education, documents such as examination papers, studentapplication forms and cards and diploma certificates are applicable tothe invention. Vehicle-related documents, such as vehicle registrationpapers and windscreen licence disks, can also benefit from theinvention, together with all types of negotiable instruments, includingcheques and promissory notes, vouchers and tickets.

The above examples are given by way of illustration and are not intendedto be exhaustive or limiting.

1. A method of transferring verification data from a first carrier to asecond carrier, the method comprising the steps of: placing the firstcarrier in a reader connected to a computing device; and operating thecomputing device to perform steps of: verifying the verification data onthe first carrier; reading the verification data; securing theverification data; and writing the verification data to the secondcarrier in a machine readable format; wherein the step of verifying theverification data includes the steps of controlling access to the firstcarrier by verifying the credentials of an operator designated toimplement at least the reading step and verifying the identity of theholder of the first carrier, where said operator and said holder areseparate from one another, and where the operator and holderverification steps each comprise at least one of a PIN code, a password,or a biometrically-based verification procedure.
 2. A method accordingto claim 1 including the further steps of controlling access to theverification data written to the second carrier, reading theverification data and verifying the read data.
 3. A method according toclaim 2 wherein the step of controlling access to the writtenverification data on the second carrier is substantially identical tothe corresponding access control step in respect of the first carrier.4. A method according to claim 2 wherein the step of verifying the readdata on the second carrier is substantially identical to thecorresponding verification step with respect to the first carrier.
 5. Amethod according to claim 2 including the still further steps of readingthe verification data from the second carrier and writing theverification data to a third carrier in machine readable format.
 6. Amethod according to claim 5 wherein the second carrier is a document towhich the verification data is applied in machine readable format, andthe third carrier is a portable date storage device.
 7. A methodaccording to claim 6 wherein the third carrier is a smart card.
 8. Amethod according to claim 5 wherein the second carrier is a portabledata storage device and the third carrier is a document to which theverification data is applied in machine readable format.
 9. A methodaccording to claim 1 wherein the first carrier is a portable datastorage device.
 10. A method according to claim 9 wherein the firstcarrier is a first smart card.
 11. A method according to claim 1 whereinthe second carrier is a portable data storage device.
 12. A methodaccording to claim 11 wherein the second carrier is a second smart card.13. A method according to claim 11 wherein the second carrier comprisesa document to which the verification data is applied in a machinereadable format.
 14. A method according to claim 1 wherein the firstcarrier is an identity-based carrier associated with an individual. 15.A method according to claim 1 wherein the PIN code or password and thebiometrically-based verification procedures are used in conjunction withone another in a matching procedure.
 16. A method according to claim 1wherein the securing step includes the steps of adding additionalsecurity data to the verification data and compressing and encryptingthe combined security and verification data.
 17. A method according toclaim 1 which provides for the secure transfer of verification data froma first carrier to an n^(th) carrier via n−2 carriers, wherein eachintermediate data transfer step is secured.
 18. A system fortransferring verification data from a first carrier to at least a secondcarrier in a secure manner, the system including means for verifying theverification data on the first carrier, means for reading theverification data, means for securing the verification data, and meansfor writing the verification date to a second carrier in a machinereadable format, said means for verifying the verification dataincluding means for controlling access to the first carrier by verifyingthe credentials of an operator designated to implement at least thereading of the verification data and the identity of the holder of thefirst carrier, where the operator and holder are separate from oneanother, and where verifying the credentials of an operator and theidentity of the holder of the first carrier each comprise at least oneof a PIN code, a password, or a biometrically-based verificationprocedure.
 19. A system according to claim 18 further including meansfor controlling access to the verification data on the second carrier,means for reading the verification data on the second carrier, and meansfor verifying read verification data on the second carrier.
 20. A systemaccording to claim 19 wherein the securing means includes encrypting anddecrypting means as well as compressing and decompressing means forcompressing, encrypting, decrypting and decompressing the verificationdata.
 21. A system according to claim 18 wherein the first carrier is anidentity-based carrier associated with an individual.